CVE-2014-3429

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython", "name": "http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython", "tags": ["Press/Media Coverage", "Technical Description"], "refsource": "CONFIRM"}, {"url": "http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198", "name": "[ipython-dev] 20140713 Vulnerability in IPython Notebook ≤ 1.1", "tags": ["Broken Link"], "refsource": "MLIST"}, {"url": "http://seclists.org/oss-sec/2014/q3/152", "name": "[oss-security] 20140715 IPython Notebook Cross 2014-3429", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MLIST"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1119890", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "https://github.com/ipython/ipython/pull/4845", "name": "https://github.com/ipython/ipython/pull/4845", "tags": ["Patch", "Issue Tracking"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html", "name": "openSUSE-SU-2014:1060", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:160", "name": "MDVSA-2015:160", "tags": ["Broken Link"], "refsource": "MANDRIVA"}, {"url": "http://advisories.mageia.org/MGASA-2014-0320.html", "name": "http://advisories.mageia.org/MGASA-2014-0320.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94497", "name": "ipython-cve20143429-code-exec(94497)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3429", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2014-08-07T11:13Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ipython:ipython_notebook:0.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}